Mozilla marks 10th birthday, warns of Firefox bug

The Mozilla Foundation is celebrating what it regards as its 10th anniversary this week.

On 22 January, 1998, Netscape Communications Corporation announced its plans to make the source code for the Netscape Communicator client software available with free licensing on the internet. The Communicator 5 source code was made available on 31 March, 1998. The code became the basis of the Mozilla Suite, which comprises the Firefox web browser and the Thunderbird email application.

Mozilla, originally the codename for the Netscape Navigator browser code, became the name of both Mozilla's red lizard mascot and the open-source community that was created to develop the open-source Netscape suite.

The outgoing chief executive officer of Mozilla, Mitchell Baker, has asked the Mozilla community for ideas on how to celebrate Mozilla's 10th year. Mozilla.org, the organisation launched to co-ordinate Mozilla developers' efforts, will celebrate the event on 23 February.

Meanwhile, Mozilla's head of security, Window Snyder, warned on Tuesday of a flaw in Firefox's user interface, which is called "chrome". Following the notification of the flaw by vulnerability researcher Gerry Eisenhaur, Snyder confirmed on Tuesday that the flaw would affect users who had installed "flat" Firefox extensions — add-ons, such as Download Statusbar and Greasemonkey, that do not store files in a Java archive .

Insufficient security validation of input file names in the Firefox header lets an attacker order the browser to access files it is not supposed to be able to access, a technique known as directory traversal.

Mozilla has assigned a "low" severity rating to the flaw, and the vulnerability is being investigated by Firefox developers.